Your submission was sent successfully! Close

CVE-2020-16127

Published: 3 November 2020

An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, would perform unbounded read operations on user-controlled ~/.pam_environment files, allowing an infinite loop if /dev/zero is symlinked to this location.

Priority

Medium

CVSS 3 base score: 5.5

Status

Package Release Status
accountsservice
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not present)
focal
Released (0.6.55-0ubuntu12~20.04.4)
groovy
Released (0.6.55-0ubuntu13.2)
precise Does not exist

trusty Not vulnerable
(code not present)
upstream Needs triage

xenial Not vulnerable
(code not present)